Search Results for "static code analysis" - Page 2
Sort By:
Showing 1519 open source projects for "static code analysis"
View related business solutions-
Gemini 3 and 200+ AI Models on One PlatformBuild generative AI apps with Vertex AI Studio. Switch between models without switching platforms.
-
$300 in Free Credit Across 150+ Cloud ServicesStart your project in minutes. After credits run out, 20+ products include free monthly usage. Only pay when you're ready to scale with Google Cloud.
-
1
Claude Code Security Reviewer
An AI-powered security review GitHub Action using Claude
The claude-code-security-review repository implements a GitHub Action that uses Claude (via the Anthropic API) to perform semantic security audits of code changes in pull requests. Rather than relying purely on pattern matching or static analysis, this action feeds diffs and surrounding context to Claude to reason about potential vulnerabilities (e.g. injection, misconfigurations, secrets exposure, etc). -
2
gosec
Golang security checker
A project devoted to secure programming in the Go language. Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the License. You can integrate third-party code analysis tools with GitHub code scanning by uploading data as SARIF files. The workflow shows an example of running the gosec as a step in a GitHub action workflow that outputs the results.sarif file. The workflow then uploads the results.sarif file to GitHub using the upload-serif action. Gosec can be configured to only run a subset of rules, to exclude certain file paths, and produce reports in different formats. ... -
3
BemiDB
Postgres read replica optimized for analytics
BemiDB is a high-performance, key-value database designed for efficient data retrieval and storage, optimized for applications requiring fast read and write operations. -
4
CodeChecker
CodeChecker is an analyzer tooling, defect database
CodeChecker is a static analysis infrastructure built on the LLVM/Clang Static Analyzer toolchain, replacing scan-build in a Linux or macOS (OS X) development environment. Executes Clang-Tidy and Clang Static Analyzer with Cross-Translation Unit analysis, Statistical Analysis (when checkers are available). Creates the JSON compilation database by wiretapping any build process (e.g., CodeChecker log -b "make"). -
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
5
Screenshot to Code
A neural network that transforms a design mock-up into static websites
Screenshot-to-code is a tool or prototype that attempts to convert UI screenshots (e.g., of mobile or web UIs) into code representations, likely generating layouts, HTML, CSS, or markup from image inputs. It is part of a research/proof-of-concept domain in UI automation and image-to-UI code generation. Mapping visual design to code constructs. Code/UI layout (HTML, CSS, or markup). Examples/demo scripts showing “image UI code”. -
6
Semgrep
Lightweight static analysis for many languages
Static analysis at ludicrous speed. Find bugs and enforce code standards. Find and prevent security issues in Terraform, Docker, Kubernetes, nginx, and AWS configs before they go into production. Go beyond application code and protect the entire stack with a breadth of scanning capabilities. Don't leak secrets, scan every commit and ensure secrets don't make it to production. -
7
Joern
Open-source code analysis platform for C/C++/Java/Binary/Javascript
Joern is a platform for analyzing source code, bytecode, and binary executables. It generates code property graphs (CPGs), a graph representation of code for cross-language code analysis. Code property graphs are stored in a custom graph database. This allows code to be mined using search queries formulated in a Scala-based domain-specific query language. Joern is developed with the goal of providing a useful tool for vulnerability discovery and research in static program analysis. -
8
PhpMetrics
Beautiful and understandable static analysis tool for PHP
PhpMetrics is a powerful static analysis tool for PHP code that provides metrics on code quality, complexity, maintainability, and architecture. It generates comprehensive reports in HTML format, visualizing metrics like cyclomatic complexity, lines of code, and coupling between classes. PhpMetrics helps developers identify potential code issues, optimize performance, and maintain high-quality codebases. -
9
RuboCop
A Ruby static code analyzer and formatter, based on the community Ruby
RuboCop is a Ruby static code analyzer (a.k.a. linter) and code formatter. Out of the box it will enforce many of the guidelines outlined in the community Ruby Style Guide. RuboCop packs a lot of features on top of what you’d normally expect from a linter. Works with every major Ruby implementation. Autocorrection of many of the code offenses it detects. -
Push Code. Get a Production URL. Done.Skip the Kubernetes configs. Cloud Run handles HTTPS, scaling, and infrastructure automatically. Two million requests free per month.
-
10
pytype
A static type analyzer for Python code
pytype is a static type analyzer that checks and infers types for Python code without executing it, catching errors at “compile time” and generating actionable diagnostics. It grew alongside Python typing at Google and can understand both inline annotations and unannotated code via powerful inference. The tool consumes stub files (.pyi) for the standard library and third-party packages (from typeshed and its own built-ins), enabling accurate checks even in large, mixed-quality codebases. ... -
11
Flow
A static type checker for JavaScript
Flow is a static type checker for JavaScript. It was designed to help improve code quality and developer productivity. It does this through several smart capabilities. First, it identifies problems as you code, so you no longer have to waste time guessing and checking again and again. Second, it understands your code and makes its knowledge available, allowing you to build other smart tools on top of it. -
12
Phoenix Code Editor
Phoenix is a modern open-source Code Editor for the web
Phoenix is a modern open-source and free software code editor for the web, built for the browser. -
13
PHP CS Fixer
A tool to automatically fix PHP Coding Standards issues
PHP-CS-Fixer is a tool that automatically fixes coding standards issues in PHP files. It helps developers maintain consistent coding style by applying rules defined by PHP-FIG (PSR standards) or custom configuration. It is widely used in CI/CD pipelines to enforce style conformity and reduce code review overhead. -
14
Bandit
Bandit is a tool designed to find common security issues in Python
Bandit is a tool designed to find common security issues in Python code. To do this, Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files, it generates a report. Bandit was originally developed within the OpenStack Security Project and later rehomed to PyCQA. -
15
PHP Insights
Instant PHP quality checks from your console
The perfect starting point to analyze the code quality of your PHP projects. Analysis of code quality and coding style. Beautiful overview of code architecture and it's complexity. Designed to work out-of-the-box with Laravel, Symfony, Yii, WordPress, Magento2, and more. Contains built-in checks for making code reliable, loosely coupled, simple, and clean. PHP Insights was carefully crafted to simplify the analysis of your code directly from your terminal, and is the perfect starting point to analyze the code quality of your PHP projects. ... -
16
RuboCop Performance
An extension of RuboCop focused on code performance checks
Performance optimization analysis for your projects, as an extension to RuboCop. You need to tell RuboCop to load the Performance extension. Now you can run rubocop and it will automatically load the RuboCop Performance cops together with the standard cops. You need to tell RuboCop to load the Performance extension. Now you can run rubocop and it will automatically load the RuboCop Performance cops together with the standard cops. -
17
AWS IoT Fleet Provisioning Library
Client library for using AWS IoT Fleet Provisioning service
...This library has no dependencies on any additional libraries other than the standard C library, and therefore, can be used with any MQTT library. This library is distributed under the MIT Open Source License. This library has gone through code quality checks including verification that no function has a GNU Complexity score over 8, and checks against deviations from mandatory rules in the MISRA coding standard. Deviations from the MISRA C:2012 guidelines are documented under MISRA Deviations. This library has also undergone static code analysis using Coverity static analysis, and validation of memory safety through the CBMC automated reasoning tool. -
18
Deptrac
Keep your architecture clean.
Deptrac is a static analysis tool for PHP that helps maintain architectural boundaries within codebases. It analyzes dependencies between classes and ensures that code follows predefined architectural rules. Deptrac is useful for preventing unwanted couplings, enforcing clean code architecture, and detecting violations early during development. -
19
GDScript Toolkit
Independent set of GDScript tools - parser, linter and formatter
...This project provides a set of tools for daily work with GDScript. At the moment it provides a parser that produces a parse tree for debugging and educational purposes. A linter that performs a static analysis according to some predefined configuration. A formatter that formats the code according to some predefined rules. A code metrics calculator which calculates the cyclomatic complexity of functions and classes. To install this project you need python3 and pip. Regardless of the target version, installation is done by pip3 command and for stable releases, it downloads the package from PyPI. -
20
PHPStan
Dscover bugs in your code without running it!
PHPStan finds bugs in your code without writing tests. It's open-source and free. PHPStan scans your whole codebase and looks for both obvious & tricky bugs. Even in those rarely executed if statements that certainly aren't covered by tests. You can run it on your machine and in CI to prevent those bugs ever reaching your customers in production. Thanks to rule levels you don't get overwhelmed with thousands of errors on the first run. You can increase PHPStan's capabilities on your code at... -
21
Soufflé
Datalog variant for tool designers crafting analyses in Horn clauses
Rapid prototyping for your analysis problems with logic; enabling deep design-space explorations; designed for large-scale static analysis; e.g., points-to analysis for Java, taint-analysis, and security checks. Futamura projections/partial evaluation for effective translation to parallel C++; optimized staged compilation; specialized data-structures for logical relations. -
22
PHPDoc-Parser for PHPStan
Next-gen phpDoc parser with support for intersection types
Next-generation phpDoc parser with support for intersection types and generics. This project adheres to a Contributor Code of Conduct. By participating in this project and its community, you are expected to uphold this code. Initially you need to run composer install or composer update in case you aren't working in a folder that was built before. Afterward, you can either run the whole build including linting and coding standards. -
23
Source Code Hunter
Source code analysis of Spring, MyBatis, Redis, Netty, and more
Source Code Hunter is an open source project by Doocs that focuses on analyzing and explaining the source code of widely used Java frameworks and libraries. It helps developers deepen their understanding of internal implementations, design patterns, and performance optimizations by walking through actual codebases such as Spring, MyBatis, Netty, Tomcat, and others. The project aims to bridge the gap between theoretical knowledge and real-world application by providing step-by-step annotated... -
24
kube-score
Kubernetes object analysis with recommendations
Kubernetes object analysis with recommendations for improved reliability and security. kube-score is a tool that does static code analysis of your Kubernetes object definitions. The output is a list of recommendations of what you can improve to make your application more secure and resilient. kube-score is open-source and available under the MIT-license. -
25
Zine
Fast, Scalable, Flexible Static Site Generator (SSG)
A Zine site is a collection of content files and layouts. Zine turns your content into HTML, styles it using your layouts, and finally copies the result (alongside other assets like images) into an output directory that you can then publish on static hosting services like GitHub Pages. Zine uses a structured approach to content authoring that helps keep sizeable content collections manageable. Similarly, the build process uses surgical dependency tracking to ensure minimal rebuilds, keeping...
